package com.gdit.revenue.config;


/*import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        //释放静态资源    资源        .antMatchers()访问控制url
        //web.ignoring().antMatchers("/tlogin/**");
        web.ignoring().antMatchers("/assets/**","/echarts/**","/layui/**","/my/**","/tologin");
    }



    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
               .withUser("pgw").password(new BCryptPasswordEncoder().encode("123")).roles("user")
               .and()
               .withUser("root").password(new BCryptPasswordEncoder().encode("123")).roles("root");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        //请求授权的规则
        http.authorizeRequests()
                .antMatchers("/api/**","/user/**").hasAnyRole("user","root")
                .antMatchers("/**").hasRole("root")
                .anyRequest()//任何请求
                .authenticated()//进行认证

                .and()
                .formLogin()
                .loginPage("/tologin")  //自定义登录页面.loginPage("/tologin")，
                .loginProcessingUrl("/login").permitAll()   //登录验证调用security的login接口
                .usernameParameter("user")
                .passwordParameter("password")  //.usernameParameter("user").passwordParameter("password")匹配自己login.html的name  提交表单th:action="@{/login}"
                //指定权限认证失败跳转的错误页面
                .failureUrl("/login.html?login=error")
                //直接访问登录页面时返回的地址,如果访问的是登录页的话返回指定的地址
                .defaultSuccessUrl("/api/getPage?pageName=index",true)

                .and().csrf().disable(); // 关闭csrf

        http.headers().frameOptions().disable();


    }

}*/